Darktrace AI interrupts in-progress cyber-attacks, including ransomware, email phishing, and threats to cloud environments. It's able to detect and establish baselines for your organization so it can make the distinction between what is and what isn't normal network activity for your organization. This allows it to tackle complex cyber-attacks as they happen and prevent future cyber-attacks from happening.
N/A
Microsoft Defender for Endpoint
Score 8.5 out of 10
N/A
Microsoft Defender for Endpoint (formerly Microsoft Defender ATP) is a holistic, cloud delivered endpoint security solution that includes risk-based vulnerability management and assessment, attack surface reduction, behavioral based and cloud-powered next generation protection, endpoint detection and response (EDR), automatic investigation and remediation, managed hunting services, rich APIs, and unified security management.
Darktrace is a product well suited for the vast majority of infrastructures and helps monitoring and responding to threats based on the network in a very elastic way. This is a product based on on-premise infrastructures that hosts its machines locally, of course it can be technically difficult to monitor an entire On-Cloud infrastructure but even there there's room for sensors and monitoring, not to mention the SaaS and mail integration that completes the product.
if you have significant no. Microsoft products in your ecosystem then Defender works extremely well. We onboarded defender as part of M365, which includes MDO and MDE both. If your customers are spread across multiple geographies, then Defender can help you setup Compliance policies based on each reason which reduces the efforts from DPO significantly. Apart from these, I feel it is a feature rich and stable EDR product.
Uses it Al model UEBA to detect anomalies in the behaviour of not only the users in a corporate network but also the routers, servers, and endpoints in that network.
Provides a visualisation of both egress and outbound network traffics flowing in and out of the organisation.
Darktrace comes with it autonomous AI model detection and responses capabilities.
Darktrace as an AI next generation NDR solution, prevents ,contains and quarantines malicious traffics from and into the corporate network.
I really enjoy the level that we get with our licensing for the timeline on devices, being able to see what happened when it happened down to the millisecond to know exactly what happened when someone clicked something, did something bad, installed something bad, or whichever. And the alert monitoring is really useful for sending emails whenever there's anything that's remotely detected, even if it's a false positive.
There are few areas that I would say need to be improved; their customer support portal allows you to log tickets with any suggestions or things you feel the product is missing, and they will generally show you how to achieve what you want, or in some cases, introduce it as a feature in a later update.
It is a little hard to do threat analysis or investigation when you try to correlate the detection with other security control systems like firewalls, web proxies, etc.
Darktrace support is excellent in my experience. They send a competent engineer on-site to provide on-boarding training. They were also very responsive in responding to questions and concerns. Having an individual point of contact who is a competent network and security engineer is not a common experience, at least for me.
The first time I tried to onboard my macOS endpoints to MDE I struggled for quite a bit. I had to reach out to Microsoft's MDE support team. The tech was very helpful in walking me through the steps during a screen share session
We did NOT select Darktrace. OSSIM/AlienVault is a more mature product and it provided better intelligence and reporting. The end user interface is much easier to use - and you can tell built form engineers who have had to do the work. My suggestion for anyone considering Darktrace, is to get the price upfront; do a 30/60 onsite trail; and do the same thing, at the same time, with AlienVault. AlientVault will win every time. I say that because that's exactly what I did.
This product does do a very good job of providing basic security protection for our client endpoints. We decided to go with this product because of the ease of setup and integration into the Windows server environment. We have not had any complaints from any of our clients using this product.
One big positive is how it helps us with the security assessments that clients have done on us. They are looking to see if we know how we might have unusual/malicious traffic running on the network.
If you have a small network and only need 1 appliance, it can be a good ROI and peace of mind.
You could go down a hole in trying to spend time looking at all of your traffic with this software. You need to focus only on what it is showing as potential bad traffic.
Positive - Alot of money saved because of looming security threats today in Work from Home environments. Lesser IT cost because of its automation capabilities has made it a really good choice
Positive - Because of enhanced security , downtimes are reduced thus profits are increased
Negative- Training cost is something which could have been avoided if this defender had some integration with self training modules
Negative - Too much costly. Integration cost, new setup cost, ongoing licensing cost etc is too high
